• Resolved esepulveda

    (@esepulveda)


    I have many attempts to log in using blank usernames, sometimes as many as 1,500 on a single night.

    I have been manually blocking the IP addresses on WordFence but it would be far more useful to validate that the username field is not left blank.

    Is this an option at the WordFence or WordPress settings?

    https://www.ads-software.com/plugins/wordfence/

Viewing 1 replies (of 1 total)
  • Plugin Author WFMattR

    (@wfmattr)

    Hi,

    Wordfence doesn’t currently have this option. I’ve sometimes seen 2 or 3 attempts with a blank username, but 1500 is new! WordPress itself won’t allow a blank username to log in, so it’s strange for the bot(s) to try so hard. It might be a general-purpose bot that doesn’t specifically target WordPress, but happened to find your login page.

    If it’s a poorly coded bot, you might be able to block them in a different way by enabling “Block IP’s who send POST requests with blank User-Agent and Referer” near the bottom of the Wordfence options page. This works well on most sites, but I have heard of other valid plugins or services that might get blocked by this feature, so if you try it, be sure that other parts of the site are still working correctly.

    -Matt R
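
Before enabling the option mentioned in the reply, the access log can show which clients it would affect. The following is an added example, not part of the original thread and not Wordfence's code: it assumes an Apache/nginx "combined" format log and treats an empty or `-` Referer and User-Agent as blank (how Wordfence itself matches is not stated in the thread). The sample log lines, the `/shop/payment-callback` path and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in "combined" log format (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:02:14:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"
203.0.113.7 - - [12/Mar/2024:02:14:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"
198.51.100.20 - - [12/Mar/2024:02:15:10 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "https://example.com/wp-login.php" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2024:02:16:00 +0000] "POST /shop/payment-callback?id=7 HTTP/1.1" 200 0 "-" "-"
198.51.100.20 - - [12/Mar/2024:02:17:30 +0000] "GET /wp-login.php HTTP/1.1" 200 3120 "-" "-"
192.0.2.90 - - [12/Mar/2024:02:18:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 410 "-" "ExampleClient/1.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def is_blank(value):
    # Combined format logs a missing header as "-"; some setups log it as "".
    return value.strip() in ("", "-")

def blank_header_posts(log_text):
    """Count POSTs that carry neither a Referer nor a User-Agent, keyed by (ip, path)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "POST":
            continue  # unparsable line, or not a POST
        if is_blank(m["referer"]) and is_blank(m["agent"]):
            hits[(m["ip"], m["path"].split("?", 1)[0])] += 1
    return hits

def review(log_text, login_path="/wp-login.php"):
    """Split matches into login-page hits per IP and hits on any other path."""
    hits = blank_header_posts(log_text)
    login = {ip: n for (ip, path), n in hits.items() if path == login_path}
    other = {key: n for key, n in hits.items() if key[1] != login_path}
    return login, other

if __name__ == "__main__":
    login, other = review(SAMPLE_LOG)
    print("Blank-header POSTs to the login page, per IP:", login)
    print("Blank-header POSTs elsewhere (check these are not valid services):", other)
```

Entries in the second result are the ones to check against known plugins or services before turning the option on.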

  • The topic ‘Users logging in with blank username’ is closed to new replies.